Method of Inputting Confidential Data on a Terminal

1. Method of inputting confidential data on a terminal including an input interface, at least one processor for running a trusted program and a display screen, the method including the following steps applied before a first input of confidential information and before a second input of confidential information: taking exclusive control of the input interface by the trusted program; displaying on the screen a trusted image known to the user of the terminal to indicate that exclusive control of the input interface has been taken by the trusted program; after control has been taken and before displaying the trusted image, selecting the trusted image as part of a reference image predetermined by the user, wherein the selected trusted image varies from the first input to the second input.

2. Method according to claim 1 , in which the trusted image is selected from selection data chosen by the user and acquired by the input interface after taking control.

3. Method according to one of claims 1 and 2 , comprising receiving the trusted image by the trusted program from a remote server.

4. Method according to claim 1 , in which the trusted image is selected from selection data chosen by the user and acquired by the input interface after taking control, wherein the method comprises receiving the trusted image by the trusted program from a remote server, and in which receiving the trusted image is controlled by sending a request to the remote server, wherein the request is generated by the trusted program from acquired selection data, and the trusted image is selected by the remote server.

5. Method according to claim 2 , also comprising displaying a partition pattern with N regions on the screen before the trusted image is displayed, each region being associated with a corresponding part of the reference image, the selection data acquired by the input interface being representative of a number less than N of regions in the partitioning pattern selected by the user.

6. Method according to claim 2 , in which the input interface includes a touch sensitive element, and wherein the selection data are representative of at least one zone touched by the user.

7. Method according to claim 6 , in which the touch sensitive element is included in the display screen, and the touched zone is representative of a set of contiguous points touched on the screen between when an external body comes into contact with the display screen until contact between said external body and the display screen is broken.

8. Method according to claim 1 , further comprising: storing a first trusted image displayed for the first input, comparing a second trusted image to be displayed for the second input with the first stored trusted image, wherein the second trusted image is displayed only if it is different from the first image.

9. Trusted computer program comprising program code instructions for executing the subsequent steps when it is executed by a terminal including an input interface and a display screen, before confidential data are input: taking exclusive control of the input interface, controlling display of a trusted image on the screen indicating that control has been taken, and controlling selection of the trusted image as part of a reference image predetermined by the user, wherein the selected trusted image varies from one input to another.

10. Terminal comprising an input interface, a display screen, and at least one processor for executing a trusted program according to claim 9 .

11. Terminal according to claim 10 , in which the input interface includes a touch sensitive screen.

12. Terminal according to one of claims 10 and 11 , also comprising a communication interface for communicating with a remote server, and in which the computer program is configured to: send a selection request to the remote server comprising selection data chosen by the user and acquired by the input interface after taking control in reply to the request, from the remote server.

13. System comprising a terminal according to claim 12 and a server comprising at least one processor, a communication interface for communicating with at least one terminal according to claim 12 , wherein the processor is configured to select a trusted image as part of the predetermined reference image, starting from the selection request received by the communication interface, and send the selected trusted image to the terminal.